Lorax is a set of tools used to create bootable images.
f113766f22
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626120
|
||
|---|---|---|
| docs | ||
| etc | ||
| rel-eng | ||
| share | ||
| src | ||
| systemd | ||
| tests | ||
| utils | ||
| .coveragerc | ||
| .dockerignore | ||
| .gitignore | ||
| .travis.yml | ||
| ANNOUNCE | ||
| AUTHORS | ||
| COPYING | ||
| Dockerfile.test | ||
| epel.repo | ||
| lorax-composer.spec | ||
| Makefile | ||
| POLICY | ||
| README | ||
| README.livemedia-creator | ||
| README.product | ||
| setup.py | ||
| TODO | ||
I am the Lorax. I speak for the trees [and images].
Tree building tools such as pungi and revisor rely on 'buildinstall' in
anaconda/scripts/ to produce the boot images and other such control files
in the final tree. The existing buildinstall scripts written in a mix of
bash and Python are unmaintainable. Lorax is an attempt to replace them
with something more flexible.
EXISTING WORKFLOW:
pungi and other tools call scripts/buildinstall, which in turn call other
scripts to do the image building and data generation. Here's how it
currently looks:
-> buildinstall
* process command line options
* write temporary yum.conf to point to correct repo
* find anaconda release RPM
* unpack RPM, pull in those versions of upd-instroot, mk-images,
maketreeinfo.py, makestamp.py, and buildinstall
-> call upd-instroot
-> call maketreeinfo.py
-> call mk-images (which figures out which mk-images.ARCH to call)
-> call makestamp.py
* clean up
PROBLEMS:
The existing workflow presents some problems with maintaining the scripts.
First, almost all knowledge of what goes in to the stage 1 and stage 2
images lives in upd-instroot. The mk-images* scripts copy things from the
root created by upd-instroot in order to build the stage 1 image, though
it's not completely clear from reading the scripts.
NEW IDEAS:
Create a new central driver with all information living in Python modules.
Configuration files will provide the knowledge previously contained in the
upd-instroot and mk-images* scripts.
--
David Cantrell <dcantrell@redhat.com>